package com.csust.base;

import com.mysql.jdbc.Driver;

import java.sql.*;
import java.util.Scanner;

public class jdbcPrepare {
    public static void main(String[] args)throws Exception  {
        //1.注册驱动
        DriverManager.registerDriver(new Driver());
        //2.获取连接
        String url = "jdbc:mysql://localhost:3306/atguigu?useUnicode=true&characterEncoding=utf8&useSSL=false";
        String username = "root";
        String password = "123456";
        Connection conn = DriverManager.getConnection(url, username, password);



        //3.创建连接对象
        PreparedStatement ps = conn.prepareStatement("SELECT * FROM `t_emp` WHERE `emp_name` = ?");
        //4.执行sql对象
        System.out.println("请输入员工姓名:");
        /*
         * abc' or '1' = '1 MySQL 注入的问题
         *
         * */
        Scanner sc = new Scanner(System.in);
        String name = sc.nextLine();
        ps.setString(1,name);

        ResultSet resultSet = ps.executeQuery();

        //5.sql语句
        while (resultSet.next()) {
            int empId = resultSet.getInt("emp_id");
            String empName = resultSet.getString("emp_name");
            Double empSalary = resultSet.getDouble("emp_salary");
            int empAge = resultSet.getInt("emp_age");
            System.out.println(empId + "\t" + empName + "\t" + empSalary + "\t" + empAge);

        }
        //6.关闭资源
        resultSet.close();
        ps.close();
        conn.close();

    }
}
